According to the RedHat summary: An integer overflow flaw, leading to out-of-bounds read, was found in the LETableReference's verifyLength() method. A specially crafted file could cause an application using ICU to parse untrusted font files to perform an invalid memory access, leading to crash and possibly disclosure of portion of application memory. Upstream ticket, members only :-( http://bugs.icu-project.org/trac/ticket/11865 Reproducible: Always
CVE-2015-2632 was assigned for a vulnerability in JAVA (which uses icu). Debian shipped https://sources.debian.net/src/icu/52.1-8%2Bdeb8u4/debian/patches/CVE-2015-2632.patch/ but according to https://sources.debian.net/src/icu/58.1-1/debian/changelog/#L45 this should be fixed upstream since 57.1. However, I am unable to locate the files or code the patch changes so I cannot confirm and http://site.icu-project.org/security doesn't list this vulnerability. I am going to contact upstream to ask for a status update.
Upstream replied and confirmed that this fix was released with icu-57.1 (http://site.icu-project.org/security is now updated). icu-57.1 appeared in Gentoo repository but isn't stable across all arches yet (bug 594494). Anyways, superseded by icu-58.1, bug 594494.
Cleanup done. Office out.
Had to revert the cleanup since it depends on bug 603792
Added to existing GLSA request. Cleanup will happen as part of bug 594494.
This issue was resolved and addressed in GLSA 201701-58 at https://security.gentoo.org/glsa/201701-58 by GLSA coordinator Aaron Bauman (b-man).
